stealc | a62d5acae7355991b2d967c2d77aa329b3a9fe234bf2616748aaaf14196966b7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a62d5acae7355991b2d967c2d77aa329b3a9fe234bf2616748aaaf14196966b7
Size

448KB
Sample

240418-xza97sce27
MD5

655d0f0862e457c2875d8f0620db2cfa
SHA1

19af0abd56db28a734e486900fcd68a235a251b3
SHA256

a62d5acae7355991b2d967c2d77aa329b3a9fe234bf2616748aaaf14196966b7
SHA512

befb7dbf0be18db82ab976e90021b90d05501b41d837e0e0f365753063dc9f0af0eaf73ae46d0ae80a3f9b1cad90a76a29b34c3b290dcb432e09c534c45e0f88
SSDEEP

6144:cLCoDvHwuTMwpQMLtK/mi6UN0p3JdRd8QKoy27EL4:cOoTHw0NXBGLV0pHjyL4

Score

10^/10

stealc stealer

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  a62d5acae7355991b2d967c2d77aa329b3a9fe234bf2616748aaaf14196966b7
- Size
  
  448KB
- MD5
  
  655d0f0862e457c2875d8f0620db2cfa
- SHA1
  
  19af0abd56db28a734e486900fcd68a235a251b3
- SHA256
  
  a62d5acae7355991b2d967c2d77aa329b3a9fe234bf2616748aaaf14196966b7
- SHA512
  
  befb7dbf0be18db82ab976e90021b90d05501b41d837e0e0f365753063dc9f0af0eaf73ae46d0ae80a3f9b1cad90a76a29b34c3b290dcb432e09c534c45e0f88
- SSDEEP
  
  6144:cLCoDvHwuTMwpQMLtK/mi6UN0p3JdRd8QKoy27EL4:cOoTHw0NXBGLV0pHjyL4
Score

10^/10

stealc stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2